The EU Data Act fundamentally changes how product data is handled. Learn the key requirements and how to prepare your company.
Scope of the Data Act
The Data Act is deliberately broad to cover the various aspects of the modern data economy. The regulation applies to all companies offering products or services in the EU, regardless of where their headquarters are located. This includes IoT devices such as smart home products, industrial machines and vehicles, as well as providers of cloud and edge computing services. Public authorities can also gain access to data under certain conditions when it is needed for tasks in the public interest.
Key elements of the Data Act
The Data Act sets out a number of central rules that redefine the interaction between manufacturers, users and data recipients. These requirements are crucial to promote a fair data economy and to ensure the protection of sensitive information.
User rights and access to their data
The Data Act grants users of connected products and services the right to access the data generated by their use. This data must be provided free of charge, in machine-readable form and without delay. Companies are obliged, at the user’s request, to pass these data on to third parties provided that no exemptions such as the protection of trade secrets apply.
Obligations for companies when sharing data
Companies that share data with third parties must ensure that this is done on fair, reasonable and non-discriminatory terms. Disclosure may be refused if it would endanger trade secrets or violate security requirements defined by EU or national law. In the event of a refusal, the competent national authority must be informed, and affected users have the right to challenge the decision.
Rules for legally mandated data sharing
In certain legally regulated situations, companies must provide data to other companies (B2B) or public authorities (B2G). This includes cases such as crises in which public authorities need access to data for tasks in the public interest. Such requests must be transparent, specific and proportionate. Companies may demand reasonable compensation in these cases to cover their costs.
Promoting interoperability of systems
To facilitate data exchange between different platforms and services, the Data Act requires companies to design their products and services to be interoperable. This includes implementing open interfaces and complying with common standards. In addition, cloud providers must not charge fees for switching between service providers from January 2027.
Protection against unlawful access to data
Non-personal data stored in the EU are protected by the Data Act against unlawful access by authorities from third countries. Companies may only disclose such data if the request complies with the strict requirements of EU law. This rule ensures that data protection is maintained even in the context of international requests.
Implications for product manufacturers
The Data Act requires manufacturers of connected products to make clear adjustments in order to meet the new requirements:
- Technical requirements: Products must be designed so that data can be provided in machine-readable formats. Open interfaces for interoperability with other systems are mandatory.
- Security requirements: Access to data may only be refused if disclosure demonstrably causes security risks or the loss of trade secrets. Such cases must be documented and reported to the authorities.
- Information obligations: Manufacturers must transparently inform users about the type, scope and duration of data collection before a product is sold.
- Opportunities for new business models: The required data sharing opens up potential for additional services such as data-driven maintenance or optimization. At the same time, manufacturers can differentiate themselves in the market through innovative use of data.
The Data Act demands technological adjustments and greater transparency, but also offers opportunities to open up new markets through data-driven innovations.
Conclusion and outlook
The Data Act marks a turning point for data handling in the EU. With clear rules on access, sharing and interoperability, the regulation creates a binding framework that strengthens user rights while promoting innovation. For companies — especially machinery manufacturers and IoT producers — this means significant technical and organizational adjustments, but also opportunities through new data-based business models.
Successful implementation will depend on how well companies integrate the new requirements into their products and processes. At the same time, further guidelines and standards will play a crucial role in facilitating the practical application of the Data Act and sustainably strengthening the European data economy.
